package controller

import (
	"appService/src/application"
	"appService/src/application/admin/admin/adminModels"
	"appService/src/application/app/appModels"
	"appService/src/application/request"
	"appService/src/authValid"
	"appService/src/authValid/userAuthType"
	"appService/src/orm"
	"github.com/gogf/gf/frame/g"
	"github.com/gogf/gf/net/ghttp"
	"xorm.io/builder"
)

//角色权限
type Roles struct {
	application.BaseController
}
//getModel 获取控制器对应的 模型
func  (*Roles)getModel() appModels.IModel{
	return new(adminModels.Roles)
}
//isAuthAndApi 判断当前用户是否有权限添加角色，所含权限
func (this *Roles) isAuthAndApi(req *request.Request) {
	if req.LoginUser.Account.AccountType == userAuthType.SYSTEM_ADMIN {
		return
	} else {
		role := new(adminModels.Roles)
		req.ParamsAnalyse(role)
		loginUser := &appModels.UserInfo{
			Account: req.LoginUser.Account,
			// 账号角色信息
			User: req.LoginUser.User,
			// 默认的部门机构
			DefaultBranchId: req.LoginUser.DefaultBranchId,
			// 当前账号可以访问的部门机构ID数组
			BranchIds: req.LoginUser.BranchIds,
			// 是否登陆
			IsLogin: req.LoginUser.IsLogin,
		}
		if role.AuthGroupId != loginUser.User.AuthGroupId {
			user := new(appModels.Users)
			has, err := orm.Db.Where(builder.Eq{"account_id": loginUser.Account.Id, "auth_group_id": role.AuthGroupId}).Get(user)
			if err != nil {
				g.Log().Errorf("查询权限组【用户】信息失败，错误：%v", err)
				req.JsonError("获取菜单列表失败")
			}
			if !has {
				req.JsonError("您没有权限访问该【权限组】菜单列表")
			}
			loginUser.User = *user
		}
		authList := authValid.GetUserAuthList(loginUser, false)
		for _, authId := range role.AuthId {
			isExist := false
			for _, v := range *authList {
				if v.Id == authId {
					isExist = true
				}
			}
			if !isExist {
				a := authValid.GetAuth(authId)
				if a == nil {
					req.JsonError("您没有权限，操作")
				} else {
					req.JsonErrorf("您没有权限，赋予【%v】菜单权限给该角色。", a.Title)
				}
			}
		}
		acLIst := authValid.GetUserAuthCodeList(loginUser)
		for _, apiCode := range role.ApiCode {
			isExist := false
			for _, v := range *acLIst {
				if v == apiCode {
					isExist = true
				}
			}
			if !isExist {
				a := authValid.AuthCodeGetRoute(apiCode)
				if a == nil {
					req.JsonError("您没有权限，操作")
				} else {
					req.JsonErrorf("您没有权限，赋予【%v】数据权限给该角色。", a.Title)
				}
			}
		}
		for _, apiCode := range role.DefaultApiCode {
			isExist := false
			for _, v := range *acLIst {
				if v == apiCode {
					isExist = true
				}
			}
			if !isExist {
				a := authValid.AuthCodeGetRoute(apiCode)
				if a == nil {
					req.JsonError("您没有权限，操作")
				} else {
					req.JsonErrorf("您没有权限，赋予【%v】数据权限给该角色。", a.Title)
				}
			}
		}
		branchIds := authValid.GetBranchIDs(loginUser, false)
		for _, bid := range role.BranchId {
			isExist := false
			for _, v := range *branchIds {
				if v == bid {
					isExist = true
				}
			}
			if !isExist {
				b := new(adminModels.Branch)
				has, err := orm.Db.Where(builder.Eq{"id": bid}).Get(b)
				if err == nil && has {
					req.JsonErrorf("您没有权限，赋予【%v】部门机构给该角色。", b.BranchName)
				} else {
					req.JsonError("您没有权限，操作")
				}
			}
		}
	}
}

//Add 添加
func (this *Roles) Add(r *ghttp.Request) {
	req := this.NewRequest(r,this.getModel())
	this.isAuthAndApi(req)
	req.AddHandle(func() {
		roles := req.Model.(*adminModels.Roles)
		authValid.RoleSet(roles)
	})
}

//Delete 删除
func (this *Roles) Delete(r *ghttp.Request) {
	req := this.NewRequest(r,this.getModel())
	req.DeleteHandle(func(ids []string) {
		for _, id := range ids {
			authValid.RoleRemove(id)
		}
	})
}

//Edit 修改
func (this *Roles) Edit(r *ghttp.Request) {
	req := this.NewRequest(r,this.getModel())
	this.isAuthAndApi(req)
	req.EditHandle(func() {
		roles := req.Model.(*adminModels.Roles)
		authValid.RoleSet(roles)
	})
}

func (this *Roles) ListPaginate(r *ghttp.Request){
	this.NewRequest(r,this.getModel()).ListPaginate()
}

func (this *Roles) List(r *ghttp.Request){
	this.NewRequest(r,this.getModel()).List()
}